← 返回 Skills 市场
115
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-feishu-voice-free
功能描述
OpenClaw 飞书语音聊天技能,基于本地 Qwen3-TTS 和 Whisper,实现离线多语言语音识别与合成,无需云端API。
安全使用建议
Do not blindly copy or overwrite system OpenClaw config files or use the provided openclaw.json without review—it contains Feishu appId/appSecret values and a gateway token. Treat those as sensitive: remove or replace them with your own credentials. If you want strictly offline operation, avoid using the --remote option in scripts/tools/tts-base.py and ensure QWEN_TTS_REMOTE is unset. When starting the servers, prefer binding to localhost (127.0.0.1) rather than 0.0.0.0 to avoid exposing endpoints to the network, and run services under a non-root account. Review setup.sh and pip requirements before running (pip installs execute code). Only download models from official sources you trust, and verify any embedded credentials are not active. If you’re unsure, run the skill in an isolated VM or container first and audit network traffic to confirm no unexpected outbound connections.
功能分析
Type: OpenClaw Skill
Name: openclaw-feishu-voice-free
Version: 1.0.0
The skill bundle provides legitimate offline voice-to-text and text-to-speech services using Whisper and Qwen3-TTS; however, it is classified as suspicious due to the inclusion of a highly sensitive configuration file (openclaw.json) containing plaintext Feishu appSecrets, appIds, and a gateway authentication token. Additionally, the tool integration relies on executing shell commands via 'bash -c' with curl, which presents a risk of command injection if input parameters like 'MediaPath' are not strictly sanitized by the host environment. The servers also bind to all network interfaces (0.0.0.0) by default in scripts like tts-base-server-openai.py and whisper-server.py, potentially exposing the local model services to the network without authentication.
能力评估
Purpose & Capability
The package implements local Whisper ASR and Qwen3-TTS servers and an installation script which is coherent with the described offline voice skill. However the bundle includes an openclaw.json containing Feishu appId/appSecret entries and a gateway token, which are unrelated to delivering local TTS/ASR functionality and unnecessary for the skill itself. Shipping sample/real channel credentials inside the skill is unexpected and potentially dangerous.
Instruction Scope
SKILL.md directs copying files into OpenClaw, running setup.sh, adding entries to /root/.openclaw/openclaw.json, starting long‑running HTTP servers, and optionally creating systemd services. The codebase is largely offline-capable, but the tts-base.py tool explicitly supports a --remote mode (and posts base64-encoded reference audio to arbitrary URLs), which contradicts the 'completely offline' claim and creates a possible exfiltration vector. The servers bind to 0.0.0.0 by default (exposing services network-wide) unless the operator restricts it.
Install Mechanism
There is no platform install spec, but setup.sh will create a venv and pip-install dependencies (torch, qwen-tts, transformers, pydub, etc.). This is expected for model-serving code; it is moderate risk (pip installs run arbitrary code) but not unusual for this type of skill. No downloads from obscure URLs are performed by the script itself (model downloads are delegated to huggingface-cli or snapshot_download).
Credentials
The skill declares no required env vars, yet code and docs reference environment variables (e.g., QWEN_TTS_REMOTE, QWEN_TTS_LANGUAGE) and the distributed openclaw.json contains what look like real credentials and a gateway token for Feishu and OpenClaw. Those credentials are not justified by the skill's purpose and could allow unauthorized access if they are active credentials or if the file is copied into a global config. The skill also instructs editing /root/.openclaw/openclaw.json — risk of accidentally overwriting or merging secrets.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. However the README and SKILL.md encourage creating systemd services to run the servers as root and restarting the OpenClaw gateway, which gives persistent network-exposed processes. Combined with the embedded gateway token and channel credentials, this increases the operational blast radius if those items are active or misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-feishu-voice-free - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-feishu-voice-free触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial Release
元数据
常见问题
openclaw-feishu-voice-free 是什么?
OpenClaw 飞书语音聊天技能,基于本地 Qwen3-TTS 和 Whisper,实现离线多语言语音识别与合成,无需云端API。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 115 次。
如何安装 openclaw-feishu-voice-free?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-feishu-voice-free」即可一键安装,无需额外配置。
openclaw-feishu-voice-free 是免费的吗?
是的,openclaw-feishu-voice-free 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
openclaw-feishu-voice-free 支持哪些平台?
openclaw-feishu-voice-free 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 openclaw-feishu-voice-free?
由 Shuai Shi(@shuaishi1991)开发并维护,当前版本 v1.0.0。
推荐 Skills